03-12-2008 09:12 AM - edited 03-11-2019 05:16 AM
PIX 515 with 4 interfaces
eth0 - outside
eth1 - inside
eth2 - DMZ
eth3 - not in use
We have added a second outside IP block to our Internet service. We would like to keep our current IP block and configuration on the outside interface. Can I use eth 3 as a second Outside interface and create static mappings just like I do with eth 0? If so, how would I handle default route settings?
Thanks,
Jay
03-12-2008 09:21 AM
Hi Jay,
You don't need to use another interface to configure this. All you need is the following:
1) Your ISP to route the entire new IP range to the current outside IP address of your firewall
2) Create static transltations to the new range specifying the current outside interface in the static command.
eg:
Current outside ip = y.y.y.y/24
Your ISP routes x.x.x.x/24 towards y.y.y.y
static (DMZ,outside) x.x.x.x d.d.d.d netmask 255.255.255.255
This solution is used often!
Good luck!
03-12-2008 10:58 AM
I do not understand the 1.0 ratings, even though I did not responded to original poster the reply from Bret is a very valid/solution reply that you do not need to use another physical interface in order to route a second public IP block from your current ISP towards your pix outside interface, I recommend to instead of placing a 1.0 ratings to be constructive in asking in a simple reply why you do not agree with the solution . remember that netpros are here to help out and while our networks run smoothly we take time aside to help in your problems.
Jorge
03-12-2008 11:59 AM
Totally agree Jorge,
In fact, in this case, the use of a second interface is not possible as you can only have one default route.
Thanks for your comments...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide